package org.truenewx.tnxjeex.fss.service.storage.aws;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import org.springframework.beans.factory.DisposableBean;
import org.truenewx.tnxjee.core.util.StringUtil;

/**
 * 亚马逊云账户配置属性
 */
public class AwsAccountProperties implements AwsAccount, DisposableBean {

    private String endpoint;
    private String region;
    private String bucketName;
    private String accessKey;
    private String secretKey;
    private String stsAccessKey;
    private String stsSecretKey;
    private AmazonS3 objectClient;
    private AWSSecurityTokenService stsClient;

    @Override
    public String getEndpoint() {
        return this.endpoint;
    }

    public void setEndpoint(String endpoint) {
        this.endpoint = endpoint;
    }

    @Override
    public String getRegion() {
        return this.region;
    }

    public void setRegion(String region) {
        this.region = region;
    }

    @Override
    public String getBucketName() {
        return this.bucketName;
    }

    public void setBucketName(String bucketName) {
        this.bucketName = bucketName;
    }

    public void setAccessKey(String accessKey) {
        this.accessKey = accessKey;
    }

    public void setSecretKey(String secretKey) {
        this.secretKey = secretKey;
    }

    public void setStsAccessKey(String stsAccessKey) {
        this.stsAccessKey = stsAccessKey;
    }

    public void setStsSecretKey(String stsSecretKey) {
        this.stsSecretKey = stsSecretKey;
    }

    @Override
    public AmazonS3 getObjectClient() {
        if (this.objectClient == null) {
            AwsClientBuilder.EndpointConfiguration endpointConfiguration = new AwsClientBuilder.EndpointConfiguration(
                    this.endpoint, this.region);
            BasicAWSCredentials credentials = new BasicAWSCredentials(this.accessKey, this.secretKey);
            AWSCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(credentials);
            this.objectClient = AmazonS3ClientBuilder.standard().withEndpointConfiguration(endpointConfiguration)
                    .withCredentials(credentialsProvider).build();
        }
        return this.objectClient;
    }

    @Override
    public AWSSecurityTokenService getStsClient() {
        if (this.stsClient == null) {
            AwsClientBuilder.EndpointConfiguration endpointConfiguration = new AwsClientBuilder.EndpointConfiguration(
                    this.endpoint, this.region);
            // 优先使用STS的AccessKey，该AccessKey应该只有只读权限，以避免临时授权的权限过大
            String accessKey = StringUtil.ifBlank(this.stsAccessKey, this.accessKey);
            String secretKey = StringUtil.ifBlank(this.stsSecretKey, this.secretKey);
            BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
            AWSCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(credentials);
            this.stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                    .withEndpointConfiguration(endpointConfiguration)
                    .withCredentials(credentialsProvider).build();
        }
        return this.stsClient;
    }

    @Override
    public void destroy() throws Exception {
        if (this.objectClient != null) {
            this.objectClient.shutdown();
        }
        if (this.stsClient != null) {
            this.stsClient.shutdown();
        }
    }
}
